package com.xqf.securitydemo.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author:祺诺
 * @name:谢钱枫1053557904@qq.com
 * @date:1/12/2021 下午 5:53
 * @poject:Security-Demo
 */
@Controller
//@RequestMapping("/demo")
public class LoginController {

//    @RequestMapping("login")
//    public String login(){
//        System.out.println("执行登录");
//        return "redirect:main.html";
//    }
    //注解的话要在角色前添加ROLE_
    //@Secured("ROLE_abc")
    //PreAuthorize的表达式允许ROLE_开头 也可以不以ROLE_开头的 配置类不允许ROLE_开头
    @PreAuthorize("hasRole('abc')")
    @RequestMapping("toMain")
    public String toMain(){
        return "redirect:main.html";
    }

    @RequestMapping("toError")
    public String toError(){
        return "redirect:error.html";
    }

    @RequestMapping("demo")
    public String demo(){
        return "demo";
    }
}
